using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

namespace AuthZ.RoleBased.Controllers;

/// <summary>
/// 帐号管理 (模拟不同角色的用户登录)
/// </summary>
[ApiController]
[Route("login/")]
public class AccountController : ControllerBase
{
    /// <summary>
    /// 管理员登录
    /// </summary>
    [HttpPost("admin")]
    public async Task<IActionResult> Admin()
    {
        var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
        identity.AddClaims(new[]
        {
            // JwtClaimTypes
             new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString("N")),
             new Claim(ClaimTypes.Name, "Admin"),
             new Claim(ClaimTypes.Role, "admin")
        });


        var principal = new ClaimsPrincipal(identity);
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
        
        //可在Bash终端验证：curl -X POST -v 'http://localhost:8080/login/admin'
        return Ok("登录成功,认证信息已写入Cookie.");
    }

    /// <summary>
    /// 开发者登录
    /// </summary>
    [HttpPost("developer")]
    public async Task<IActionResult> Developer()
    {
        var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
        identity.AddClaims(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString("N")),
            new Claim(ClaimTypes.Name, "Developer"),
            new Claim(ClaimTypes.Role, "developer")
        });

        var principal = new ClaimsPrincipal(identity);
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
        return Ok("登录成功,认证信息已写入Cookie.");
    }

    /// <summary>
    /// 测试员登录
    /// </summary>
    /// <returns></returns>
    [HttpPost("tester")]
    public async Task<IActionResult> Tester()
    {
        var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
        identity.AddClaims(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString("N")),
            new Claim(ClaimTypes.Name, "Tester"),
            new Claim(ClaimTypes.Role, "tester")
        });

        var principal = new ClaimsPrincipal(identity);
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
        return Ok("登录成功,认证信息已写入Cookie.");
    }

    /// <summary>
    /// 具有【开发】和【测试】角色者登录
    /// </summary>
    [HttpPost("developer/tester")]
    public async Task<IActionResult> DeveloperAndTester()
    {
        var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
        identity.AddClaims(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString("N")),
            new Claim(ClaimTypes.Name, "WhoWithDeveloperAndTesterRole"),
            new Claim(ClaimTypes.Role, "developer"),
            new Claim(ClaimTypes.Role, "tester")
        });

        var principal = new ClaimsPrincipal(identity);
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
        return Ok("登录成功,认证信息已写入Cookie.");
    }
}